author | Vladimír Čunát <vcunat@gmail.com> | 2018-01-09 17:13:39 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2018-01-09 17:24:49 +0100 |
commit | 3ab85ed1aca250501bcd098f5c304e3ddde96e79 (patch) | |
tree | 0d78fb9dc2fc51b7ae679a43e790bb657266a7b4 /nixos | |
parent | f312e6d9930e9cd278f5823f6040f6e8e1214ab6 (diff) |
nixos/kresd: use DNSSEC root trust anchor from nixpkgs
in read-only way. If the cache directory is empty and you use the very same service for system's DNS, kresd is unable to bootstrap root trust anchors, as it would need a DNS lookup. Also, if we don't rely on bootstrap, the extra lua deps of kresd could be dropped by default, but let's not do that now, as the difference in closure size is only ~4 MB, and there may be other use cases than running the package as nixos service this way.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/kresd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index 64f36cadc1d0a..7e36c69cc4e39 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -99,7 +99,7 @@ in script = '' exec '${package}/bin/kresd' --config '${configFile}' \ - -k '${cfg.cacheDir}/root.key' + -k '${pkgs.dns-root-data}/root.key' ''; requires = [ "kresd.socket" ]; |
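Review bot: The changed line in the script still passes the key with the same -k flag that was used for the writable '${cfg.cacheDir}/root.key', so nothing in the hunk itself expresses the "read-only" intent stated in the commit message. Please confirm that kresd, when started with -k '${pkgs.dns-root-data}/root.key', does not try to write updated trust anchors back to that path, since a store path cannot be modified and a failed write at startup or during a root key rollover would affect DNSSEC validation for the whole system. It would also help to add a short comment above the exec line noting that the root trust anchor is now pinned to the version shipped in pkgs.dns-root-data and only changes when that package is updated, so anyone operating this service knows that a root KSK rollover requires a nixpkgs update rather than relying on kresd's own bootstrap.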